STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Security-relevant software updates to the EDB Postgres Advanced Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

DISA Rule

SV-213636r508024_rule

Vulnerability Number

V-213636

Group Title

SRG-APP-000456-DB-000390

Rule Version

PPS9-00-009900

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Institute and adhere to policies and procedures to ensure that patches are consistently obtained from EnterpriseDB and applied to the DBMS within the time allowed.

Ensure that a monitored email address is registered as a user on the EDB support portal and is receiving technical alerts.

Check Contents

Obtain evidence that software patches are obtained from EnterpriseDB and are consistently applied to the DBMS within the timeframe defined for each patch.

If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.

If an administrator is not registered on the EDB Support Portal with an email address for monitoring technical alerts, this is a finding.

Vulnerability Number

V-213636

Documentable

False

Rule Version

PPS9-00-009900

Severity Override Guidance

Obtain evidence that software patches are obtained from EnterpriseDB and are consistently applied to the DBMS within the timeframe defined for each patch.

If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.

If an administrator is not registered on the EDB Support Portal with an email address for monitoring technical alerts, this is a finding.

Check Content Reference

M

Target Key

3988

Comments